diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
index 3c1e93a5c3..33a1c94542 100644
--- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/constants/AndroidSenseConstants.java
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
+ * Licensed under the Apache License, Version 2.0 (the "License"
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
@@ -16,6 +16,9 @@
package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.user.api.Permission;
+
public class AndroidSenseConstants {
public final static String DEVICE_TYPE = "android_sense";
@@ -44,4 +47,26 @@ public class AndroidSenseConstants {
public static final String SCOPE = "scope";
+ public static Permission[] permissions;
+
+ static {
+
+ Permission enroll = new Permission("/permission/admin/device-mgt/devices/enroll", CarbonConstants
+ .UI_PERMISSION_ACTION);
+ Permission disEnroll = new Permission("/permission/admin/device-mgt/devices/disenroll", CarbonConstants
+ .UI_PERMISSION_ACTION);
+ Permission owningDevice = new Permission("/permission/admin/device-mgt/devices/owning-device",
+ CarbonConstants.UI_PERMISSION_ACTION);
+ Permission groups = new Permission("/permission/admin/device-mgt/groups", CarbonConstants.UI_PERMISSION_ACTION);
+ Permission notifications = new Permission("/permission/admin/device-mgt/notifications", CarbonConstants
+ .UI_PERMISSION_ACTION);
+ Permission policies = new Permission("/permission/admin/device-mgt/policies", CarbonConstants
+ .UI_PERMISSION_ACTION);
+ Permission subscribe = new Permission("/permission/admin/manage/api/subscribe", CarbonConstants
+ .UI_PERMISSION_ACTION);
+
+ permissions = new Permission[]{enroll, disEnroll, owningDevice, groups, notifications, policies, subscribe};
+
+ }
+
}
diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java
new file mode 100644
index 0000000000..dd073d2652
--- /dev/null
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/listener/PermissionUpdateListener.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.AndroidSenseServiceImpl;
+import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.constants.AndroidSenseConstants;
+import org.wso2.carbon.user.api.AuthorizationManager;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.service.RealmService;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+public class PermissionUpdateListener implements ServletContextListener {
+
+ private static Log log = LogFactory.getLog(AndroidSenseServiceImpl.class);
+
+ private static final String ROLE_NAME = "internal/devicemgt-user";
+
+ @Override
+ public void contextInitialized(ServletContextEvent servletContextEvent) {
+
+ UserStoreManager userStoreManager = getUserStoreManager();
+ try {
+ if (userStoreManager != null) {
+ if (!userStoreManager.isExistingRole(ROLE_NAME)) {
+ userStoreManager.addRole(ROLE_NAME, null, AndroidSenseConstants.permissions);
+ } else {
+ getAuthorizationManager().authorizeRole(ROLE_NAME,
+ "/permission/admin/device-mgt/devices/enroll/android-sense", "ui.execute");
+ getAuthorizationManager().authorizeRole(ROLE_NAME,
+ "/permission/admin/device-mgt/devices/owning-device/view", "ui.execute");
+ }
+ } } catch (UserStoreException e) {
+ //
+ }
+ }
+
+ @Override
+ public void contextDestroyed(ServletContextEvent servletContextEvent) {
+
+ }
+
+ public static UserStoreManager getUserStoreManager() {
+ RealmService realmService;
+ UserStoreManager userStoreManager;
+ try {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ if (realmService == null) {
+ String msg = "Realm service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ int tenantId = ctx.getTenantId();
+ userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
+ realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving current user store manager";
+ log.error(msg, e);
+ throw new IllegalStateException(msg);
+ }
+ return userStoreManager;
+ }
+
+ public static AuthorizationManager getAuthorizationManager() {
+ RealmService realmService;
+ AuthorizationManager authorizationManager;
+ try {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+ if (realmService == null) {
+ String msg = "Realm service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ int tenantId = ctx.getTenantId();
+ authorizationManager = realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
+ } catch (UserStoreException e) {
+ String msg = "Error occurred while retrieving current user store manager";
+ log.error(msg, e);
+ throw new IllegalStateException(msg);
+ }
+ return authorizationManager;
+ }
+
+
+// public static void registerApiAccessRoles(String user) {
+// UserStoreManager userStoreManager = null;
+// try {
+// userStoreManager = getUserStoreManager();
+// String[] userList = new String[]{user};
+// if (userStoreManager != null) {
+// String rolesOfUser[] = userStoreManager.getRoleListOfUser(user);
+// if (!userStoreManager.isExistingRole(Constants.DEFAULT_ROLE_NAME)) {
+// userStoreManager.addRole(Constants.DEFAULT_ROLE_NAME, userList, Constants.DEFAULT_PERMISSION);
+// } else if (rolesOfUser != null && Arrays.asList(rolesOfUser).contains(Constants.DEFAULT_ROLE_NAME)) {
+// return;
+// } else {
+// userStoreManager.updateUserListOfRole(Constants.DEFAULT_ROLE_NAME, new String[0], userList);
+// }
+// }
+// } catch (UserStoreException e) {
+// log.error("Error while creating a role and adding a user for virtual_firealarm.", e);
+// }
+// }
+
+}
diff --git a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml
index 2c66f5c1de..f23e42e694 100644
--- a/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-types/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/webapp/WEB-INF/web.xml
@@ -30,4 +30,8 @@
managed-api-enabled
true
+
+
+ org.wso2.carbon.device.mgt.iot.androidsense.service.impl.listener.PermissionUpdateListener
+